Disallow RDP access to certain accounts which are part of Domain Admins

Hi,

We have several 100 servers and we have few accounts used as a service account on these servers.  It is a requirement by the application for these service accounts to be member of Domain Admins Group.

I would like to prevent some of the service accounts RDP access on all our servers.  What is the quickest way of accomplishing this?  Can I do something on the user level like Deny RDP Access etc.??

Help please.
fais79Asked:
Who is Participating?
 
Will SzymkowskiSenior Solution ArchitectCommented:
You can do this via GPO. Remember that this change can be reverted back with this account as it is a domain admin account.

Not recommend but can be done via GPO.

Deny RDP access - http://technet.microsoft.com/en-us/library/cc737453(WS.10).aspx

Will.
0
 
McKnifeCommented:
Before we leave it unquestioned... :)
Why would you need to have those accounts setup as domain admins? Normally, you would use service accounts and assign/delegate just some privileges to them and not the whole lot.
0
 
McKnifeCommented:
Please respond or finalize it, this question is growing old :)
0
All Courses

From novice to tech pro — start learning today.